COVID-19 has accelerated Digital Transformation over the past 18 months, and businesses are competing aggressively to be first to market with digital products and services. Pressure on developers to build and deploy software faster than ever has precipitated the shift to DevSecOps – integrating Development, Security and Operations to make Application Security an integral part of the software life cycle. At long last, companies are applying AppSec controls to secure the integrity of the development process, as well as scaling DevSecOps pipeline patterns across the entire enterprise.
“The rise of automation and componentisation in software development has driven a sharp increase in the speed and automation of software security as businesses look to AI and Machine Learning for flaw identification, threat modelling and remediation,” said Chris Wysopal, Cofounder and Chief Technology Officer at Veracode. “We’ve already seen DevSecOps grow rapidly in maturity and now there’s an opportunity to shift security even further left into the design phase to become SecDevOps.”
Componentisation drives speed and efficiencies
Alongside the upward trajectory in automation, Veracode also found a downward trend in the complexity and size of the code being analysed, as evidenced by the 30% reduction in the average number of modules scanned per scan, indicating a shift towards scanning of individual components or microservices. This is not surprising considering the rapid adoption of both componentised applications and DevOps practices.
With large applications broken down into small reusable components – or microservices – developers can work in more agile ways to iterate quickly and deliver continuously in increments. Interestingly, the rise of API-first development has improved software security, with the average time to fix a flaw reduced by around 50% when using static analysis for APIs or microservices. API scanning also enables organisations to find and fix vulnerabilities in APIs as early and efficiently as possible.
“Recent high-profile attacks, such as the SolarWinds hack, have put the vulnerability of the software supply chain firmly in the spotlight,” Wysopal added. “Businesses now seek the next evolution of software security for peace of mind.
“This means offering the assurance of continuous orchestration, such as policy definition and management, inline remediation with the ability to ‘self-heal’ and runtime intelligence that highlights any flaws introduced as underlying components change.”
intelligent SOFTWARE SECURITY | www.intelligentciso.com | 61